<div>Yeah, interesting one really. It depends how you look at it still for me. For example I haven't really known apache being broken into, but I have known a lot sites being broken into commonly on apache. Thats the code apache is serving not apache, but thats kind of what I'm saying. A default Linux server will be pretty stable, a default win2k3 server I will be pretty stable (assuming kept up to date).
</div>
<div> </div>
<div>The user/privilege level I still think overplayed. I see so many people use root when they don't have to (myself included, it was actually ubuntu that started me thinking how slack I had become when I found it stopped me doing lots of things for a good reason). Also just because I'm not root, if I run something as a user, and my user account gets hacked, It's still created a huge problem. I could have viruses now and I wouldn't know as I don't run a virus checker. You can take a machine down as a none privilege user with a single shell command.
</div>
<div> </div>
<div>I'm not saying Linux is less secure, it isn't, so not trying to compare windows to linux so much, just I personally believe there's a false sense of security with it. I've actually seen a lot of people do something like chmod/chown -R and simply include a leading slash by mistake messing up a whole heap of stuff as well (work colleague, not me), or deleting files (which are significantly harder to recover imo) when he had no reason to be using root. There's ways around it all, but I find user mistakes and confidence one of the biggest holes of the lot (be it running something as root, some typing mistake etc).
</div>
<div> </div>
<div>In other words, Linux may be *that* good, but I don't believe the users are ;).</div>
<div> </div>
<div>Ian</div>
<div> </div>
<div><br><br> </div>
<div><span class="gmail_quote">On 10/19/06, <b class="gmail_sendername">Vic</b> <<a href="mailto:lug@beer.org.uk">lug@beer.org.uk</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">> So I take the opinion that Linux is only really more stable and less<br>> viruses because less software is typically installed on it
<br><br>No - I fundamentally disagree with this.<br><br>It's been Microsoft's position for the longest time that the greater<br>numbers of infestations of MS products compared to Linux is down to the<br>installed base, and many commentators have swallowed this line. Yet it
<br>doesn't hold water.<br><br>Consider the web-server market. According to Netcraft, Apache has some<br>70-odd % of all web servers. Now that's not exactly equal to 70% Linux,<br>but it's good enough for rock 'n' roll. IIS has somewhere around 20%.
<br>Linux has *much* greater penetration in this market.<br><br>So this means that Linux/Apache is the one that gets broken into, rather<br>than Windows/IIS, does it? I've yet to see a stat that supports that...<br><br>The main reason IMHO why there is no real virus problem with Linux is that
<br>there is proper privilege separation. It is enforced (and if you listen to<br>the SELinux guys, it's likely to be enforced more strongly in the future).<br>Now modern versions of Windows *could* do something very similar (although
<br>there are fundamental flaws in the scoping of its registry, AIUI) - but<br>almost every user runs without that separation, because if they used it,<br>things would be as "difficult" or "complex" in the Windows world as they
<br>are in the Linux world (I use quote marks because I don't believe<br>privilege to be either difficult or complex - but it does require a little<br>thought from time to time).<br><br>All the above might change if Linspire and its view of life become
<br>prevalent... :-(<br><br>> and people have false confidence in it.<br><br>I don't think there's many people have "false" confidence in it. Linux<br>just *is* that good.<br><br>Vic.<br><br><br>__<br>Sussex mailing list
<br><a href="mailto:Sussex@mailman.lug.org.uk">Sussex@mailman.lug.org.uk</a><br>E-mail Address: <a href="mailto:sussex@mailman.lug.org.uk">sussex@mailman.lug.org.uk</a><br>Sussex LUG Website: <a href="http://www.sussex.lug.org.uk/">
http://www.sussex.lug.org.uk/</a><br><a href="https://mailman.lug.org.uk/mailman/listinfo/sussex">https://mailman.lug.org.uk/mailman/listinfo/sussex</a><br></blockquote></div><br>